Differences

This shows you the differences between two versions of the page.

--- docs:guide-user:virtualization:docker_openwrt_image [2022/05/03 19:13] – [OpenWrt in QEMU in Docker: Advanced Example] Fix bulletpoints jwmullally
+++ docs:guide-user:virtualization:docker_openwrt_image [2022/06/23 18:07] (current) – [OpenWrt in QEMU in Docker: Advanced Example] Simplify supplying custom config jwmullally
@@ Line 318: / Line 318: @@
 <code bash>
 docker build . -t openwrt_in_qemu
-docker run --name my_openwrt -p 30022:30022,30080:30080 openwrt_in_qemu
+docker run --name my_openwrt -p 30022:30022 -p 30080:30080 openwrt_in_qemu
 </code>
@@ Line 421: / Line 421: @@
 # syntax=docker/dockerfile:1
 #
-# This Dockerfile creates a container image running OpenWrt in a QEMU VM.
+# This Dockerfile creates a container image running OpenWRT in a QEMU VM.
 # https://openwrt.org/docs/guide-user/virtualization/docker_openwrt_image
 # This can be run on regular container clusters (e.g. Kubernetes,OpenShift)
 # without any special permissions.
+#
+#   docker build . -t openwrt_in_qemu
+#   docker run --name my_openwrt -p 30022:30022 -p 30080:30080 openwrt_in_qemu
 #
 # For VGA console access and USB redirection, connect with a SPICE client
-# on port 5900.
+# (e.g. "remote-viewer") on port 5900.
 #
 # To connect to the VM serial console, connect to the running container
-# and execute this command:
+# and execute one of these commands:
 #
-#     socat -,raw,echo=0,icanon=0 unix-connect:/tmp/qemu-console.sock
+#   socat -,raw,echo=0,icanon=0 unix-connect:/tmp/qemu-console.sock
-#     socat -,echo=0,icanon=0 unix-connect:/tmp/qemu-monitor.sock
+#   socat -,echo=0,icanon=0 unix-connect:/tmp/qemu-monitor.sock
 #
 # To use KVM acceleration, add these to your docker/podman arguments:
 #
-#     docker --env QEMU_ARGS="-enable-kvm" --device=/dev/kvm --group-add "$(getent group kvm | cut -d: -f3)"
+#   docker --env QEMU_ARGS="-enable-kvm" --device=/dev/kvm --group-add "$(getent group kvm | cut -d: -f3)"
 #
 # Volumes:
@@ Line 446: / Line 449: @@
 #   /var/lib/vmconfig:
 #     You can use a shared volume/ConfigMap/etc to provide custom initial
-#     configuration with "run.sh" and other files that are sent into the
+#     configuration. The $CWD of these files is the parent vmconfig dir,
-#     VM on first boot. If "gen-config.sh" is detected, it is executed in
+#     which you can use to provide other files. For testing, start docker
-#     the host container with access to the environment variables, and is
+#     with "--volume /tmp/my_config:/var/lib/vmconfig:z"
-#     expected to create "run.sh".
+#
-#     A default script "default-vm-config.sh" is included to set the
+#     container.d: Scripts run on the container before config is sent to the VM
-#     password, open admin ports and resize the disk.
+#     vm.d: Scripts run on the VM
-FROM docker.io/library/alpine:3.15
+FROM docker.io/library/alpine:3.16
 # Install QEMU, remove large unnecessary files
@@ Line 469: / Line 472: @@
     rm -f /usr/share/qemu/edk2-*
-# Download OpenWrt image
+# Download OpenWRT image
 ENV IMAGE_URL="https://downloads.openwrt.org/releases/21.02.3/targets/x86/64/openwrt-21.02.3-x86-64-generic-ext4-combined.img.gz"
 ENV IMAGE_FILE="openwrt-21.02.3-x86-64-generic-ext4-combined.img.gz"
@@ Line 507: / Line 510: @@
     chmod +x /usr/local/bin/provision-image.sh
-# Write default VM configuration script to STDOUT
+# Create default VM configuration scripts
+RUN mkdir -p /usr/local/share/vmconfig/container.d /usr/local/share/vmconfig/vm.d
 RUN echo -e '#!/bin/sh\n\
-set -ex \n\
+set -e \n\
-cat << EOF\n\
+cat > vm.d/20-hostname.sh <<EOF\n\
+#!/bin/sh \n\
+set -e \n\
+uci set system.@system[0].hostname="$QEMU_HOSTNAME" \n\
+uci commit system \n\
+EOF\n\
+chmod +x vm.d/20-hostname.sh \n\
+\n\' > /usr/local/share/vmconfig/container.d/20-hostname.sh && \
+    chmod +x /usr/local/share/vmconfig/container.d/20-hostname.sh
+RUN echo -e '#!/bin/sh\n\
+set -e \n\
+cat > vm.d/20-password.sh <<EOF\n\
 #!/bin/sh \n\
 set -e \n\
 echo -e "$QEMU_PASSWORD\\n$QEMU_PASSWORD" | passwd \n\
-set -x \n\
+EOF\n\
+chmod +x vm.d/20-password.sh \n\
+\n\' > /usr/local/share/vmconfig/container.d/20-password.sh && \
+    chmod +x /usr/local/share/vmconfig/container.d/20-password.sh
+RUN echo -e '#!/bin/sh\n\
+set -ex \n\
 uci add firewall rule \n\
 uci set firewall.@rule[-1].name="Allow-Admin" \n\
@@ Line 523: / Line 546: @@
 uci set firewall.@rule[-1].target="ACCEPT" \n\
 uci commit firewall \n\
+\n\' > /usr/local/share/vmconfig/vm.d/20-firewall.sh && \
+    chmod +x /usr/local/share/vmconfig/vm.d/20-firewall.sh
+RUN echo -e '#!/bin/sh\n\
+set -ex \n\
 ubus wait_for network.interface.wan \n\
 sleep 3 \n\
-/etc/init.d/firewall restart \n\
 opkg update \n\
+\n\' > /usr/local/share/vmconfig/vm.d/30-wait-for-network.sh && \
+chmod +x /usr/local/share/vmconfig/vm.d/30-wait-for-network.sh
+RUN echo -e '#!/bin/sh\n\
+set -ex \n\
 opkg install partx-utils resize2fs sfdisk tune2fs \n\
 echo "- +" | sfdisk --force -N 2 /dev/vda \n\
@@ Line 535: / Line 567: @@
 mount -o remount,rw / \n\
 resize2fs /dev/vda2 \n\
-EOF\n\
+\n\' > /usr/local/share/vmconfig/vm.d/40-resize-disk.sh && \
-\n' > /usr/local/bin/gen-default-vm-config.sh && \
+chmod +x /usr/local/share/vmconfig/vm.d/40-resize-disk.sh
-    chmod +x /usr/local/bin/gen-default-vm-config.sh
 # Write VM configuration archive as serial console commands to STDOUT
@@ Line 552: / Line 583: @@
 mkdir /tmp/vmconfig \n\
 tar -zxvf /tmp/vmconfig.tgz -C /tmp/vmconfig \n\
-/tmp/vmconfig/run.sh && echo "VM configuration result: successful." || echo "VM configuration result: failed." \n\
+sleep 5 \n\
+(cd /tmp/vmconfig && (for f in \$(ls vm.d); do echo "Executing ./vm.d/\$f"; "./vm.d/\$f" || exit 1; done)) && echo -e "\\nVM configuration result: successful." || echo -e "\\nVM configuration result: failed." \n\
 poweroff \n\
 EOF\n\
@@ Line 561: / Line 593: @@
 RUN echo -e '#!/bin/sh\n\
 set -ex \n\
+echo "Discovered vmconfig:" \n\
+find /var/lib/vmconfig \n\
+sleep 5 \n\
 rm -rf /tmp/vmconfig \n\
 cp -rv /var/lib/vmconfig /tmp/vmconfig \n\
-gen-default-vm-config.sh > /tmp/vmconfig/default-vm-config.sh \n\
+mkdir -p /tmp/vmconfig/container.d /tmp/vmconfig/vm.d \n\
-chmod +x /tmp/vmconfig/default-vm-config.sh \n\
+if [ -z "$QEMU_CONFIG_NO_DEFAULTS" ]; then \n\
-if [ ! -f /tmp/vmconfig/run.sh ]; then \n\
+    cp /usr/local/share/vmconfig/container.d/* /tmp/vmconfig/container.d \n\
-    if [ -f /tmp/vmconfig/gen-config.sh ]; then \n\
+    cp /usr/local/share/vmconfig/vm.d/* /tmp/vmconfig/vm.d \n\
-        (cd /tmp/vmconfig && ./gen-config.sh) \n\
-    else \n\
-        mv /tmp/vmconfig/default-vm-config.sh /tmp/vmconfig/run.sh \n\
-    fi \n\
 fi \n\
+(cd /tmp/vmconfig && (for f in $(ls container.d); do "./container.d/$f"; done)) \n\
 run-vm.sh & \n\
 QEMU_PID="$!" \n\
@@ Line 577: / Line 609: @@
 socat STDOUT unix-connect:/tmp/qemu-console.sock | grep -q "Please press Enter to activate this console." \n\
 serialize-vm-config.sh /tmp/vmconfig | socat STDIN unix-connect:/tmp/qemu-console.sock \n\
-VM_CONFIG_RESULT="$(socat STDOUT unix-connect:/tmp/qemu-console.sock | grep -m1 "VM configuration result:")" \n\
+VM_CONFIG_RESULT="$(socat STDOUT unix-connect:/tmp/qemu-console.sock | grep -m1 "^VM configuration result:")" \n\
 if test "${VM_CONFIG_RESULT#*failed}" != "$VM_CONFIG_RESULT"; then \n\
     exit 1 \n\
@@ Line 631: / Line 663: @@
 provision-image.sh \n\
 if [ ! -f /var/lib/qemu/initialized ]; then \n\
-    timeout -s SIGINT "$QEMU_CONFIG_TIMEOUT" send-config-to-vm.sh || echo "VM config error or time out." \n\
+    timeout -s SIGINT "$QEMU_CONFIG_TIMEOUT" send-config-to-vm.sh || (echo "VM config error or time out."; exit 1) \n\
     touch /var/lib/qemu/initialized \n\
     chmod g+rw /var/lib/qemu/* \n\
@@ Line 648: / Line 680: @@
 ENV QEMU_PASSWORD="pass1234"
 ENV QEMU_CONFIG_TIMEOUT="300"
+ENV QEMU_CONFIG_NO_DEFAULTS=""
+ENV QEMU_HOSTNAME="OpenWrtVM"
 ENV QEMU_ARGS=""